SSL Certificate Analysis for qixue.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=man169.com

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

February 05, 2026

Valid Until

May 06, 2026 89 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

C6:AA:56:2D:8C:01:C6:B8:C6:6C:93:84:7F:E7:55:4D:58:4A:E1:AE:EB:E2:55:34:D4:C7:8A:5C:86:FC:5C:E5

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

qixue.com *.qixue.com *.a.qixue.com *.portal.qixue.com

Other domains in certificate

acgcardservces.com *.acgcardservces.com

bellrichard.com *.bellrichard.com *.connect.bellrichard.com *.random.bellrichard.com *.rds.bellrichard.com *.remote2.bellrichard.com *.sitemaps.bellrichard.com *.www.bellrichard.com

bestgun.com *.bestgun.com *.vpn.bestgun.com

burrata.com *.burrata.com *.ww42.burrata.com

*.7yrnizim2u.calcass.com *.blog.calcass.com calcass.com *.calcass.com *.dev.calcass.com *.dl.calcass.com *.hostmaster.calcass.com *.jenkins.calcass.com

eprimers.org *.eprimers.org *.hercules.eprimers.org

*.78z68.istanbulejder7.xyz istanbulejder7.xyz *.istanbulejder7.xyz

*.acceptatie.kuolao.com *.access.kuolao.com *.app.kuolao.com *.apps.kuolao.com *.connect.kuolao.com *.gp.kuolao.com *.hostmaster.kuolao.com kuolao.com *.kuolao.com *.mail10.kuolao.com *.mails.kuolao.com *.mx4.kuolao.com *.ssl.kuolao.com *.vpnssl.kuolao.com *.ww1.kuolao.com

liberateyourmajesty.org *.liberateyourmajesty.org *.new.liberateyourmajesty.org

*.46640www.man169.com *.com169.man169.com *.forum.man169.com *.m.man169.com man169.com *.man169.com *.old.man169.com *.ww25.man169.com

*.cuvpn.maniga.it maniga.it *.maniga.it

*.fr.openleaks.com *.hr.openleaks.com *.jobs.openleaks.com openleaks.com *.openleaks.com *.ww41.openleaks.com

pincock.com *.pincock.com *.vpn1.pincock.com

*.ea80888d-66d1-455f-9d1d-48f15b7b7555.recruter.com *.hostmaster.recruter.com recruter.com *.recruter.com *.search.recruter.com *.sports.recruter.com *.staff.recruter.com *.staging.recruter.com *.ww1.recruter.com

*.mail.shereperllc.store shereperllc.store *.shereperllc.store *.sitemap.shereperllc.store *.ww25.shereperllc.store

*.sitemaps.youthpolitician.com *.ww12.youthpolitician.com youthpolitician.com *.youthpolitician.com